Chai pe Charcha – Delhi 11 June 2017

Report of Chai-pe-Charcha meet held by Cyber Watch India / Cyber Peace Foundationon June 11, 2017 in New Delhi

45 people registered and ~30 attended (I shall list names later)

The usual format was followed, with each attendee having 2 minutes to present his/her point of view and then the floor opened for general discussion.

Topic of the day:“Incorporation of private talent for making India cyber war ready.”

The following points came up in the discussion

1. Education – this weakness in the national fabric was one unanimous point and came up repeatedly. There is a lack of cyber security education at school / college university level and we need to educate the masses, government, and senior officers too.

There is no dearth of talent in the country and we need a broad visionary approach to mobilizing this (our students are innovative and learn fast). People in different domains and skills wil bring in maturity and must be included to participate in government initiatives, however, bureaucrats do not seem to be aware of the methods to do this.

2. Integration of individuals is important and public and government and the government should take the example of the China Cyber Policy.

3. Government thinking has to be changed; for example sometime back officers did not understand ransomware. We should be prepared by gathering and recognizing people with right talent. Can some one make a dummy’s guide for various subjects.

4. Cyber security is a lot more complex, needs coordination. We need to be agile with policy, and create a framework for talent we have with bug bounty hunters. Policies and IT Act are not really practical and there is a need to initiate PPP to implement security at grass root level.

5. Professionals should stop government bashing, and government departments / buyers should agree that nothing should be expected free-of-cost. Professionals should not take advantage of the lack of awareness on the part of government.

6. Cyber war needs specialized skillsets and the first focus should be on defensive techniques so we can implement and make ourselves secure.

7. How do we define cyber war / cyber security as this is not put forward by government. Though there is the will, do we have the resources? We need a structured approach and can give ideas to government departments about putting a structure in place. India is not cyberwar ready. IT Act is way too outdated. India is not spending even equivalent of JP Morgan.

8. Challenge of working with Govt – One of the participant had created a solution for Govt. deployment and had reached out to the senior officer who was interested to meet him. However in the end the officer asked him to hack into a FB account rather than deploy the solution. Government departments / officials must clearly visualize their challenge / problem statement and should budget for failure too. (for example if the software did not work after effort of the developers there should be some payout) .

9. Cyber army should be related to IT as there is enough IT talent in the country they know programming and a developer can do reversing too. While a number of national level professional databases have been mooted, none have come into being.

10. Putting assets to use – Police should allow students to work on equipment which is lying idle. All departments have a lot of forensic and investigative equipment which may be in use or idle for want of resources. If students are allowed to use this, it will serve the purpose of allowing them to have hands on experience and will also help keep the equipment current.

Cyber Security practitioner and evangelist working in cyber security in national and enterprise application. Contributor to national policy, awareness and development of capacity / capability. Keeps a critical eye on the past, present and future in the infosec domain, and firm believer in common sense. Uses practical thinking to demolish purveyors of cyber hype and snake-oil.